# six demon bag

Wind, fire, all that kind of thing!

2017-04-01

## Reset VSS Writers

VSS writers are application-specific components for Microsoft's Volume Shadow Copy Service, which ensure the consistency of application data when a shadow copy is created. That's quite useful for creating consistent backups of a system. However, some of these writers go into error states more or less frequently. And Microsoft did not deem it necessary to document how to reset writers without rebooting the entire system (or at least I didn't manage to find that piece of information).

See more ...

Posted 20:41 [permalink]

2017-03-21

## Verifying checksums on Windows systems - correctly

Posted here, since the Fedora people apparently can't be bothered to fix their documentation.

In January 2016 I came across this question on StackOverflow, asking about an OutOfMemory error when validating the SHA256 checksum of a Fedora ISO image. The Fedora documentation suggested reading the full file and then calculating the checksum from the bytes:

$sha256.ComputeHash([System.IO.File]::ReadAllBytes("$PWD\$image"))  Why anyone would even want to read an entire ISO image into memory for a checksum calculation is beyond me. The recommended way of doing this is to open the file as a stream and calculate the checksum on that stream: See more ... Posted 00:53 [permalink] 2016-01-04 ## Cannot delete my own scheduled task Recently I noticed that I was no longer able to delete scheduled tasks on my Windows 7 test box, even though I created them myself. Deletion attempts failed with the following error: The user account does not have permission to delete this task. Deleting my own tasks works fine in a vanilla install of Windows 7 SP1, so the issue must have been introduced by some update along the way. I had to modify the permissions on C:\Windows\System32\Tasks to get it to work again: icacls "C:\Windows\System32\Tasks" /grant "Authenticated Users":(RD)  Granting "list folder/read data" on the folder itself was sufficient, since the task files are owned by the user creating them and the CREATOR OWNER principal has full access to subfolders and files. Posted 19:51 [permalink] 2015-12-31 ## Barracuda Backup Agent for Linux Unattended Installation Barracuda Networks provide agents for their backup appliance for various operating systems. Unfortunately the Linux agent (unlike the Windows agent) does not come with an option for a silent installation, and it doesn't look like the vendor can be bothered to do anything about it. Instead of being able specify a path on the commandline (or at least force a silent installaton to the default path) you're always prompted for the path where the agent should be installed: /tmp # tar xzf barracuda_backup_agent-x.x.x.tar.gz /tmp # cd barracuda_backup_agent-x.x.x /tmp/barracuda_backup_agent-x.x.x # ./install Please choose an installation path, or press enter for default. [/usr/local/barracuda/bbs]: _ See more ... Posted 01:13 [permalink] 2015-06-07 ## Using the DB2 Command Line Processer from PowerShell Even for DB2 10.5 the official documentation says to use the db2cmd command for a Command Line Processor enabled environment on Windows: On Windows operating systems, db2cmd command opens the CLP-enabled DB2® window, and initializes the DB2 command line environment. However, being able to use PowerShell instead of db2cmd would be much nicer, since the former is far more versatile in practically every respect (control structures, output processing, file handling, etc.). See more ... Posted 01:38 [permalink] 2015-03-09 ## Drag & Drop in a PowerShell GUI For a little PowerShell GUI (using Windows Forms) the requirement to drag & drop files into a listbox came up. Some quick googling showed several articles (like this one) suggesting to set AllowDrop =$true and add a handler for the DragEnter event.

See more ...

Posted 19:18 [permalink]

2015-01-18

## Adding Group Members Across Domains

Normally when you add a member to an Active Directory group you'll simply use the Add-GroupMember cmdlet from the ActiveDirectory module. Except when you have to do it across domains/forests where the source domain is still running Windows Server 2008 (not R2). As in "no AD PowerShell cmdlets" and "no Active Directory Web Service (ADWS)". *sigh*

See more ...

Posted 18:25 [permalink]

2015-01-05

## PowerShell Execution Policy Scopes

Sometimes when you try to change the PowerShell execution policy you'll get an error message that the setting was applied, but will be overridden by a setting in another scope:

Set-ExecutionPolicy : Windows PowerShell updated your execution policy successfully, but the setting is overridden by a policy defined at a more specific scope. Due to the override, your shell will retain its current effective execution policy of XXX. …

Execution policies can be defined in five different scopes, from LocalMachine (least specific) to MachinePolicy (most specific), where settings in more specific scopes take precedence over settings in less specific scopes. Use Get-ExecutionPolicy -List to see which scope has which setting.

See more ...

Posted 22:46 [permalink]

2014-07-11

## Force Extensions into SeaMonkey

SeaMonkey is my preferred web browser, because I'm quite comfortable with its user interface. However, some of my favorite extensions (namely text/plain and ReloadEvery) claim to be incompatible when trying to install them, although they actually work just fine with SeaMonkey. Here's how you can convince an extension that SeaMonkey is totally fine for installation.

See more ...

Posted 19:58 [permalink]

## Compare ACLs

Recently I had the need to compare the ACLs of two Active Directory objects. With file ACLs I could expand their Access properties and compare the resulting lists with Compare-Object. However, for ACLs of Active Directory objects that didn't work, so I came up with the following function.

See more ...

Posted 18:50 [permalink]

2014-06-04

## Domain Password Change in Remote Desktop Sessions

At work we're connecting to customer systems through a jump station. This creates the problem that for domain password changes on the customer systems I can't open the Windows Security dialog/screen via either Ctrl+Alt+Del (shows the one on the local computer) or Ctrl+Alt+End (shows the one on the jump station).

See more ...

Posted 23:14 [permalink]

2014-03-18

## Migration of SMB Shares

Share migration is a common (if not integral) part of a file server migration. If you just move the shares from one host to another host the process is pretty straightforward as described in MSKB article 125996:

1. Export [HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares] on the old file server to a file:

reg export HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares shares.reg

2. Copy the file to the new file server and import it:

reg import shares.reg

3. Restart the Server service:

net stop server && net start server

4. Done.

See more ...

Posted 21:09 [permalink]

2014-02-26

## A Bar Graph for the PowerShell Console

As a sysadmin I frequently have the need to get an overview of the utilization of particular system resources (disk space or memory for instance). Visualizing the numbers greatly helps with spotting bottlenecks.

One way to visualize data with PowerShell are DataVisualization objects in Windows Forms, which are rather versatile, but not exactly what I would consider straightforward. They also might be overkill for various tasks. The current usage of a system resource for instance could easily be displayed with a bar graph in a text console.

See more ...

Posted 23:38 [permalink]

2014-02-16

## Check the Last User Logon

As a system administrator you're sometimes tasked with finding out who the last person logged into a particular computer was, or when a particular person was last logged in on some computer(s).

Windows records this information in the Security eventlog when you enable auditing account logon events.

See more ...

Posted 16:03 [permalink]

2013-12-20

## Automatic Updates Consuming 100% CPU

For a couple months now I've been observing the Automatic Updates service (wuauserv) causing high CPU load on hosts running Windows Server 2003 or Windows XP after new updates had been released. The problem vanished after the updates had been installed.

Apparently this is a problem with the Windows Update Agent, caused by inefficient handling of superseded updates. Installing the latest cumulative Internet Explorer update should resolve the problem.

Posted 12:13 [permalink]

2013-10-30

## Interactive VBScript Shell

Python's interactive mode is very convenient, because you can try simple stuff without having to write it to a script first. Since I have to do a lot of VBScript lately, I wanted to have something like that for VBScript, too.

I found this blog post that has almost exactly what I wanted, except for line continuation. Which is what I added (for my own convenience). You can download the modified script here.

Update: Added an Import() procedure for loading/executing additional code from other VBScript files.

Update: vbsh can now be customized with an optional init script %USERPROFILE%\init.vbs.

Update: Added a function to look up keywords in the VBScript documentation (requires that script56.chm is installed in the current working directory, the Windows help directory, or one of the directories in the %PATH%). Note that you'll need the English language version of script56.chm, since other language versions use different internal paths.

Posted 18:03 [permalink]

2013-10-09

## Process Explorer Error: .NET Performance Counters Are Corrupt

Today I encountered the following error message on one of my servers (running Windows Server 2008) when I started Process Explorer:

See more ...

Posted 11:58 [permalink]

2013-06-20

## PrintBrm Error 0x8007007b

Running the following command for backing up a printserver configuration

"%SystemRoot%\System32\spool\tools\PrintBrm.exe" -B -S server -F "C:\path\to\backup.pbk"


gave me an error after listing the printer ports:

The following error occurred: 0x8007007b.
The filename, directory name, or volume label syntax is incorrect.

Check the eventlog for detailed information about the error which occurred.


Turns out, PrintBrm doesn't seem to like double quotes around the backup file name, at least not on Windows Server 2008 R2 SP1. I changed the command line to

"%SystemRoot%\System32\spool\tools\PrintBrm.exe" -B -S server -F C:\path\to\backup.pbk


and the backup ran without issues.

Posted 16:15 [permalink]

2013-04-03

## Attach to Internet Explorer

Internet Explorer exposes a COM object that can be controlled programmatically e.g. from a VBScript. The usual way is to create a new Internet Explorer instance and work with that:

 Set ie = CreateObject("InternetExplorer.Application")


However, sometimes you may want to use an already running instance instead of creating a new one.

See more ...

Posted 20:59 [permalink]

2013-03-09

## Features on Demand in Server 2012

Back in the days of Windows 2000 Server and Windows Server 2003 it was common practice to copy the i386 folder from the CD to the server and change the SourcePath registry value, so you wouldn't have to shuffle installation media around for adding/removing Windows features. With the advent of Windows Vista and Server 2008 Microsoft introduced the component store. Now all Windows features were put on disk by default and simply had to be activated/deactivated. That increased the size of a Windows installation by factor 3-4, but on the other hand disk space had become rather inexpensive, so it wasn't that big a deal. And although the component store can be a little fragile at times it usually works quite well.

So far, so good. But what happened now with the release of Windows 8 and Server 2012? Someone at Microsoft decided that the component store took up too much space, so they introduced a new concept called "Features on Demand", which simply means that administrators can free disk space by removing components from the store. The .Net Framework 3.5 for instance was removed by default.

This is not a bad thing per se. However, the removed framework still shows up as an installable feature (e.g. in Server Manager), only now you're prompted for an alternate source path when you choose to install the framework. So what we have now is that the component store still eats up disk space (I didn't notice any significant reduction in used disk space) and we're back to either shuffling installation media around or copying sources to the local harddisk (eating up even more disk space).

Srsly, Microsoft?

Posted 15:06 [permalink]